STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to STIGs

Soaring Software Solutions TCMax 9.x Security Technical Implementation Guide

Version

V1R1

Release Date

Mar 5, 2026

SCAP Benchmark ID

SSS_TCMax_9-x

Total Checks

17

Tags

other
CAT I: 2CAT II: 15CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSONDownload STIG ZIP

Checks (17)

V-281366MEDIUMTCMax must initiate a session lock after a 15-minute period of inactivity.V-281367MEDIUMTCMax must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.V-281368MEDIUMTCMax must protect audit information from any type of unauthorized read access.V-281369MEDIUMTCMax must be configured to prohibit or restrict using organization-defined functions, ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management Category Assurance List (PPSM CAL) and vulnerability assessments.V-281370MEDIUMTCMax must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).V-281371MEDIUMTCMax must enforce a minimum 15-character password length.V-281372MEDIUMTCMax must enforce password complexity by requiring that at least one uppercase letter, one lowercase letter, and number, and one special character be used.V-281373MEDIUMTCMax must require the change of at least eight of the total number of characters when passwords are changed.V-281374MEDIUMTCMax must enforce 24 hours/1 day as the minimum password lifetime.V-281375MEDIUMTCMax must enforce a 60-day maximum password lifetime restriction.V-281376HIGHTCMax must protect the confidentiality and integrity of transmitted information.V-281377MEDIUMTCMax must accept personal identity verification (PIV) credentials.V-281378MEDIUMTCMax must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).V-281379MEDIUMFor password-based authentication, TCMax must require immediate selection of a new password upon account recovery.V-281380MEDIUMTCMax must enforce a role-based access control (RBAC) policy over defined subjects and objects.V-281381HIGHTCMax must be running a version supported by the vendor.V-281382MEDIUMTCMax must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).